ConsumerSay Wants All Your Data, Will Give You $20 For It

By cwaltersApril 2, 2008

Pssst, wanna make an easy $20? Just give all your bank account and personal data over to ConsumerSay, a consumer opinion and behavior tracking firm owned by Lightspeed Research. Jen, who sometimes fills out surveys for freebies and cash, got an email from them offering her $20 for only 5 to 10 minutes of her time. Oh, and all of her financial transaction data.

Basically, the company tracks your spending habits by collecting data directly from your credit card statement. But rest assured, they say, that the data is in good hands:

Registering these accounts simply authorizes secure collection of monthly information from those accounts for research purposes only. Your specific credit card information will be collected through an infrastructure that ensures the highest level of security with a world-class network, data, and physical security system.

Do any of you security types out there know anything about this? Or is it just a marketing term used by Lightspeed? It’s not going to become self-aware, is it?

But back to the original email. Jen adds that she’s pretty skeptical of the offer:

My credit card information. My online financial statements. What the hell?! Even if this is legit, there’s no way.

Thought you’d like to know. If this is a scam, I’d like to know, and I’m sure so would some other people. I’m sure the survey site won’t like me sending this, but it’s not like I make anything of value from watching pre-production commercials or telling people how often I buy shampoo.

We don’t think they’re a scam, Jen. We just think they want you to fork over the keys to your past and future financial history for twenty dollars. Pass.

The exodus vault is simply a data center. Every serious data center on the face of the planet has what they offer – physical security and fire protection. Electronic shielding? If you’re subject to an EMP that’s big enough to knock out a data center, then you’ve got way bigger problems than your credit transactions.

The other point is that all of this is in no way related to the safety of the actual data. It’s the safety of the equipment that stores the data. When was the last time that someone walked in and stole physical media from a data center. How about – never. It’s not like there are a bunch of eastern european hackers lurking in the bushes just waiting for someone to leave the door open.

These @$$clowns have just trademarked a name for their data center – that’s all. Avoid this like herpes. Especially when there’s no long-term commitment to data use. Once they have it, what happens 2, 3, or x years down the road? How will they dispose of it?

@ColdNorth: “P.T. Barnum’s words were never truer than they are today.” Yep. That’s the reason we all get 50 spam emails a day and have to sit through four minutes of commercials obviously aimed at the mentally handicapped three or four times per half-hour TV show. They’re also the reason some non-retarded people will pay extra for TiVO.

I do alot of online survey and am on the Lightspeed panel. The only survey request that I have ever received similar to that one, from any of the survey sites I belong to, was a request once to log onto one of my credit card accounts and to search around the website. No way.

I did receive a survey once asking me to download some kind of software that would track all my computer activity. I turned that one down also. I was worried that doing that would more or less let them view anything on my computer they wanted to. Paranoia?

How useful is the purchasing history of someone that will give up this type of info for $20? Its probably a credit card statement full of Home Shopping Network, Franklin Mint, and Lillian Vernon purchases.

This would work well on college campuses. They already convince kids to sign up for credit cards for free Domino’s pizzas. Hint to the other students: if you walk 15 feet behind the tent, the pizzas cost $5. Inside Dominos. No credit card.

Exodus Vault is physical security, not anti-hacking measures. I did a quick google and found this article[www.allbusiness.com]

This quote from Exodus systems made me about fall out of my chair laughing.
“Many of our customers rely on the Internet as a critical part of their business success, so we take security very seriously,” said Ellen M. Hancock, president and CEO of Exodus Communications”

But would you really trust a data security company whose name means “a mass departure”, like of your personal data?[www.merriam-webster.com]

your consumer habits are worth a lot more than $20. for business development and marketing people, this is the holy grail. most retailers won’t even set foot in a community until they’ve seen extensive demographic data outlining median income, spending habits, education level, etc.

with this company you’re just cutting out the middle man, at a deep discount. the data stored on your grocery store ‘club card’ and what you’ve purchased with your credit cards is already being sold to data aggregators like InfoUSA. then InfoUSA combines it with census data, turns around, and sells that data to consulting firms (many are in-house) who package it and sell it right back to the bastards who collected it from you in the first place.

and now you’ve just witnessed the cradle-to-grave cycle of an entire industry! you’re welcome.

The ‘electronic shielding’ is to prevent anyone from picking up any of the various signals radiating from their data center. The Federal Government has been doing it for years – it’s called TEMPEST – and it is required of every system that processes classified information. What it is basically is a big Farraday cage.

I’ve actually seen a demonstration – it is a real and known phenomenon.

@MountainCop: Basically these guys have a physical SCIF but none of the isolated network connectivity. Hmm… people are pissed off enough that the NSA has their phone records, but they’ll give some business their info for a pitance?

I cringe each time I hear Lightspeed’s rolled this out. They seem to do it 2-3x a year, though I’ve only received the invitation once. I don’t think they mention the depth of information they require in the initial survey, before passing you on to ConsumerSay. While most people are smart enough to stay away, I have seen a few who gladly gave their info for the $20, or worse yet, whined that they weren’t invited and call the rest of us paranoid conspiracy theorists when we point out why this was a bad idea.

$20 seems ridiculously low, given the fact they once gave me $60 for information about the snacks I ate over a ten day period, heh.

I’m very familiar with Lightspeed in a professional capacity (I work in online research). They are a 100% legit company – it’s absolutely not a scam.

Not saying it’s a wise idea to try and conduct this kind of research. The company I work with has been approached by end clients kinds of studies before and politely declined, for exactly the reasons contained in this thread.

Worth pointing out – the normal incentive for a consumer study would range from $1 to $3, MAYBE $4 or $5. So, to many members of an online panel, getting anywhere from 4 to twenty times what they would usually receive can be an enticing offer. I agree with whoever said many will go for this.

And if I were to bet, I would imagine that no actual identity theft will occur as a result. That said, would I volunteer to participate if I received an invitation? Yeah, I probably wouldn’t.

@MountainCop: A SCIF is only used for compartmentalized information when it’s viewed outside of a secure facility, but there’s no requirement for it. There is no such universal Federal Government requirement for “all systems that process classified information”. In most cases, it depends on the agency that produces the information.

Shielding? What shielding? I don’t think I’ve ever been in a datacenter that bothered. The servers themselves don’t emit any useful RF, the only useful stuff can come from unshielded CRTs. In Van Eck phreaking, a sweep generator is combined with a receiver to reconstruct the CRT image from noise it emits. The only problem is that 90% of datacenters don’t have any monitors turned on inside them. The servers are all accessed remotely.

Regarding the exodus allbusiness.com article – it’s from 1999. Little old. I have managed to find their website – [www.exodussecurity.com]

It doesn’t mention any kind of vault. What they mention is basically a marketing name – it has no meaning beyond Exodus. It’s a particularily disconcerting idea, most of the time these companies like to hide the details of their setup. There in lay the risks.

Scam or not, why would you even considering allowing a third party to see and store all of this data for $20.00???? As in any financial transaction, you have to weigh the benefits vs. the risk/cost. Now, if they offered you a million bucks, the benefit might outweigh the risk, but for $20.00, I’d say anyone that agrees to this is either insane, ignorant or both!

I got this offer as well. I went through the first page which only asks for email and basic information to see what else they wanted. When I clicked submit the form reset. How should someone trust a site with all of their financial information when they can’t even make a simple form work on their website!